{ "id": "185ec551-1416-47df-81ba-f81f861eaa1a", "created_at": "2026-04-06T00:11:35.394655Z", "updated_at": "2026-04-10T03:36:06.628422Z", "deleted_at": null, "sha1_hash": "37d8a33f1fbb8a06424f4d1423c132bb54090fdd", "title": "Unit 42 - Latest Cyber Security Research | Palo Alto Networks", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 31819, "plain_text": "Unit 42 - Latest Cyber Security Research | Palo Alto Networks\r\nPublished: 2026-04-03 · Archived: 2026-04-05 16:44:30 UTC\r\nThe 2026 Unit 42 Global Incident Response Report confirms it: The adversary isn’t just smarter; they are faster.\r\nYour new threat reality? AI enables threat actors to move from initial access to exfiltration in minutes, effortlessly\r\nbypassing traditional defenses.\r\nIn the report, you will learn how:\r\nSpeed now defines risk: Attacks are 4X faster, with data exfiltration in \u003c1 hour in some cases.\r\nIdentity accelerates impact: 65% of initial access is driven by identity-based techniques allowing\r\nunauthorized access, privilege escalation and lateral movement.\r\nSprawl expands exposure: 87% of attacks unfolded across multiple attack surfaces, making it harder to\r\ncorrelate attack signals.\r\nSource: https://unit42.paloaltonetworks.com/atoms/iron-taurus/\r\nhttps://unit42.paloaltonetworks.com/atoms/iron-taurus/\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "references": [ "https://unit42.paloaltonetworks.com/atoms/iron-taurus/" ], "report_names": [ "iron-taurus" ], "threat_actors": [ { "id": "c63ab035-f9f2-4723-959b-97a7b98b5942", "created_at": "2023-01-06T13:46:38.298354Z", "updated_at": "2026-04-10T02:00:02.917311Z", "deleted_at": null, "main_name": "APT27", "aliases": [ "BRONZE UNION", "Circle Typhoon", "Linen Typhoon", "TEMP.Hippo", "Budworm", "Lucky Mouse", "G0027", "GreedyTaotie", "Red Phoenix", "Iron Tiger", "Iron Taurus", "Earth Smilodon", "TG-3390", "EMISSARY PANDA", "Group 35", "ZipToken" ], "source_name": "MISPGALAXY:APT27", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "5c13338b-eaed-429a-9437-f5015aa98276", "created_at": "2022-10-25T16:07:23.582715Z", "updated_at": "2026-04-10T02:00:04.675765Z", "deleted_at": null, "main_name": "Emissary Panda", "aliases": [ "APT 27", "ATK 15", "Bronze Union", "Budworm", "Circle Typhoon", "Earth Smilodon", "Emissary Panda", "G0027", "Group 35", "Iron Taurus", "Iron Tiger", "Linen Typhoon", "LuckyMouse", "Operation DRBControl", "Operation Iron Tiger", "Operation PZChao", "Operation SpoiledLegacy", "Operation StealthyTrident", "Red Phoenix", "TEMP.Hippo", "TG-3390", "ZipToken" ], "source_name": "ETDA:Emissary Panda", "tools": [ "ASPXSpy", "ASPXTool", "Agent.dhwf", "AngryRebel", "Antak", "CHINACHOPPER", "China Chopper", "Destroy RAT", "DestroyRAT", "FOCUSFJORD", "Farfli", "Gh0st RAT", "Ghost RAT", "HTTPBrowser", "HTran", "HUC Packet Transmit Tool", "HighShell", "HttpBrowser RAT", "HttpDump", "HyperBro", "HyperSSL", "HyperShell", "Kaba", "Korplug", "LOLBAS", "LOLBins", "Living off the Land", "Mimikatz", "Moudour", "Mydoor", "Nishang", "OwaAuth", "PCRat", "PlugX", "ProcDump", "PsExec", "RedDelta", "SEASHARPEE", "Sensocode", "SinoChopper", "Sogu", "SysUpdate", "TIGERPLUG", "TVT", "Thoper", "Token Control", "TokenControl", "TwoFace", "WCE", "Windows Credential Editor", "Windows Credentials Editor", "Xamtrav", "ZXShell", "gsecdump", "luckyowa" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434295, "ts_updated_at": 1775792166, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/37d8a33f1fbb8a06424f4d1423c132bb54090fdd.pdf", "text": "https://archive.orkl.eu/37d8a33f1fbb8a06424f4d1423c132bb54090fdd.txt", "img": "https://archive.orkl.eu/37d8a33f1fbb8a06424f4d1423c132bb54090fdd.jpg" } }